Vulnerability Analysis of CVE-2014-6271


Added on  2019/09/19

AI Summary
The paper discusses the critical vulnerability CVE-2014-6271 in the BASH command line, which allows attackers to execute shell commands remotely by injecting malicious code into environment variables. This vulnerability affects GNU Bash versions from 1.14 to 4.3 and is exposed in systems such as Apache HTTP Server, OpenSSH, Git, and Subversion deployments. The attack vectors include remote and local scenarios, with the most dangerous being web servers running CGI scripts and making use of Bash. Mitigation strategies include implementing Mod_security rules, setting IPTables rules, and enforcing privileged mode for Bash usage.

Executive Summary
This paper discusses the critical vulnerability referred to as CVE-2014-6271. This
vulnerability occurs in the BASH command line. BASH is the command-line tool, or shell, for
GNU-based operating systems. BASH is an acronym that stands for the ‘Bourne Again
Shell’. It is used in many Linux and UNIX-based operating systems, including Apple’s
Mac OS X. The vulnerability has been reported by the Department of Homeland Security,
which released a statement that provides additional details about the GNU Bash vulnerability.
This vulnerability allows an attacker to execute shell commands remotely. The attacker does
this by attaching malicious code to environment variables that are used by the underlying
operating system.
Technical Description
Vulnerability Description
GNU Bash versions 1.14 through 4.3 process commands that have been placed after function
definitions in the values of environment variables, which allows remote attackers to execute
arbitrary code with the help of a specially crafted environment that enables network-based
exploitation [1]. Instances where this vulnerability is exposed include the following:
- Apache HTTP Server, when using mod_cgid or mod_cgi scripts that are either written in Bash or use GNU Bash subshells, or any other system that makes use of the /bin/sh interface.
- Bypassing or overriding the ‘ForceCommand’ feature in OpenSSH sshd, as well as the limited protection used to restrict shells in Git / Subversion deployments, which also allows arbitrary command execution.
- Allowing arbitrary command execution on a DHCP client machine.
Systems that are affected by this vulnerability include:
- GNU Bash up until version 4.3. [2]
- Mac OS X systems as well as Linux / UNIX-based systems in which Bash is an integral part of the operating system.
- Any UNIX or BSD system on which GNU Bash could be installed.
- Any UNIX-based operating system in which the /bin/sh interface is implemented by GNU Bash.

Attack Vector
There are many kinds of attack vectors possible for this vulnerability, including both remote
and local scenarios. However, the most dangerous ones are typically those where CGI scripts
and web servers are involved. Any web server that runs CGI scripts and makes use of Bash
could be easily exploited right now, giving attackers the ability to run arbitrary code
remotely [3].
This happens because a typical web server runs various CGI scripts and has many
environment variables whose values are obtained from HTTP requests. This means that an
attacker could easily inject arbitrary code into this environment, which would be received
by the CGI script, thereby allowing the attacker to carry out an attack. For instance,
web servers take the ‘User-Agent’ value specified in the HTTP header and then set the
variable specific to that user agent. An attacker could potentially exploit the
vulnerability by sending a malicious value; the web server would then set the server
protocol with that value, thereby making the exploit possible [4].
Mitigation
To begin with, users should run the Bash command to check whether or not Bash is still
vulnerable; if it is, they can do the following to mitigate the Bash Shellshock
vulnerability:
- Implementing Mod_security rules to reject HTTP requests that contain data that may be interpreted by Bash as a definition of a function set in its own environment.
- Setting IPTables rules to drop packets that contain strings that may be part of the attack [5].
- Implementing a system-based mitigation by enforcing the use of Bash in privileged mode.
- Monitoring logs for attempted, unsuccessful and successful command executions.
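
One way to apply the log-monitoring and request-filtering mitigations above, as an added example that is not part of the original paper: a POSIX shell function that flags access-log entries whose Referer or User-Agent value begins with `() {`, the prefix unpatched Bash recognized as an exported function in an environment value. The Apache combined log format is assumed, and the log lines, addresses and the names `sample_log`, `scan_shellshock` and `count_hits` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original paper): triage Apache "combined"
# access-log lines for header values that begin with "() {", the four-byte
# prefix that unpatched Bash treated as an exported function definition.

# Constructed sample lines; addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [25/Sep/2014:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :; }; echo constructed-sample"
203.0.113.5 - - [25/Sep/2014:10:02:11 +0000] "GET /cgi-bin/env.sh HTTP/1.1" 500 0 "() { :; }; echo constructed-sample" "curl/7.35.0"
192.0.2.44 - - [25/Sep/2014:10:03:40 +0000] "GET /docs HTTP/1.1" 200 901 "-" "DocBot/1.0 note() { }"
EOF
}

# scan_shellshock [FILE...]
# Reads log lines from FILE(s) or stdin and prints "client status path" for
# every request whose Referer or User-Agent value starts with the signature.
scan_shellshock() {
    awk -F'"' '
    {
        hit = 0
        # Splitting on double quotes puts Referer in $4 and User-Agent in $6.
        for (i = 4; i <= 6; i += 2)
            if (index($i, "() {") == 1)   # literal match, anchored at start
                hit = 1
        if (hit) {
            split($1, client, " ")   # client[1] = remote address
            split($2, req, " ")      # req[2]    = request path
            split($3, resp, " ")     # resp[1]   = HTTP status
            print client[1], resp[1], req[2]
        }
    }' "$@"
}

# count_hits [FILE...]: number of flagged requests.
count_hits() {
    scan_shellshock "$@" | wc -l | tr -d ' '
}

sample_log | scan_shellshock
```

A hit shows only that a request carried the signature; the HTTP status cannot confirm whether a command ran, so flagged requests still need follow-up on the host. The last sample line is not flagged because the signature appears in the middle of the value rather than at its start.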
Remediation
The first and foremost step towards fixing the Bash Shellshock vulnerability is to update
Bash itself. In many Linux distributions, Bash can be updated with a simple command using
the standard package manager. This can be done in Ubuntu, Fedora, Red Hat, Debian and
CentOS, among others.
Mac OS X users, meanwhile, would need to follow the default update route provided by
Apple via their Store and apply a system-wide update patch to fix the vulnerability. These
patches should be applied as soon as they are made available.
Apart from these, hardware-based firewalls, switches and network routers would also be
vulnerable, and system patches or updates would need to be applied to them too as soon as
they are made available for the respective versions.
Exploitation Scenario
- To begin with, the attacker would modify their own User-Agent and then craft an HTTP request with malicious requests.
- The attacker would find a server and then attack it.
- The attacker would pipe the request with multiple commands, because every server is configured differently and not all commands may work on it. Hence piping multiple requests increases the chances.
- The attacker may open up a shell on the server and get root access, or do multiple pings that bring the server to a crawl, essentially causing a Denial of Service attack.
References
[1] "NVD - CVE-2014-6271", Web.nvd.nist.gov, 2018. [Online]. Available: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271. [Accessed: 23-Apr-2018].
[2] T. Enache, Shellshock Vulnerability. 2016.
[3] A. Mary, Shellshock Attack on Linux Systems – Bash. 2015.
[4] A Comprehensive Analysis on Bash Shellshock (CVE-2014-6271)_V1.52. 2014.
[5] "Mitigating the shellshock vulnerability (CVE-2014-6271 and CVE-2014-7169) - Red Hat Customer Portal", Access.redhat.com, 2018. [Online]. Available: https://access.redhat.com/articles/1212303. [Accessed: 23-Apr-2018].